Commit 1328777a authored by Ondřej Kuzník's avatar Ondřej Kuzník
Browse files

Fix a SASL channel-binding leak

parent 58d66a39
...@@ -357,6 +357,11 @@ connection_destroy( LloadConnection *c ) ...@@ -357,6 +357,11 @@ connection_destroy( LloadConnection *c )
c->c_sasl_defaults = NULL; c->c_sasl_defaults = NULL;
} }
if ( c->c_sasl_authctx ) { if ( c->c_sasl_authctx ) {
#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
if ( c->c_sasl_cbinding ) {
ch_free( c->c_sasl_cbinding );
}
#endif
sasl_dispose( &c->c_sasl_authctx ); sasl_dispose( &c->c_sasl_authctx );
} }
#endif /* HAVE_CYRUS_SASL */ #endif /* HAVE_CYRUS_SASL */
......
...@@ -340,6 +340,10 @@ struct LloadConnection { ...@@ -340,6 +340,10 @@ struct LloadConnection {
#ifdef HAVE_CYRUS_SASL #ifdef HAVE_CYRUS_SASL
sasl_conn_t *c_sasl_authctx; sasl_conn_t *c_sasl_authctx;
void *c_sasl_defaults; void *c_sasl_defaults;
#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
sasl_channel_binding_t *c_sasl_cbinding; /* Else cyrus-sasl would happily
* leak it on sasl_dispose */
#endif /* SASL_CHANNEL_BINDING */
#endif /* HAVE_CYRUS_SASL */ #endif /* HAVE_CYRUS_SASL */
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
......
...@@ -321,6 +321,7 @@ sasl_bind_step( LloadConnection *c, BerValue *scred, BerValue *ccred ) ...@@ -321,6 +321,7 @@ sasl_bind_step( LloadConnection *c, BerValue *scred, BerValue *ccred )
cb->data = cb_data = cb + 1; cb->data = cb_data = cb + 1;
memcpy( cb_data, cbv.bv_val, cbv.bv_len ); memcpy( cb_data, cbv.bv_val, cbv.bv_len );
sasl_setprop( ctx, SASL_CHANNEL_BINDING, cb ); sasl_setprop( ctx, SASL_CHANNEL_BINDING, cb );
c->c_sasl_cbinding = cb;
} }
} }
#endif #endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment